pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/dnsmasq dnsmasq: update to 2.78.
details: https://anonhg.NetBSD.org/pkgsrc/rev/4f97a4c38ba8
branches: trunk
changeset: 369669:4f97a4c38ba8
user: wiz <wiz%pkgsrc.org@localhost>
date: Mon Oct 02 15:50:55 2017 +0000
description:
dnsmasq: update to 2.78.
version 2.78
Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris
Novakovic for the patch.
Revert ping-check of address in DHCPDISCOVER if there
already exists a lease for the address. Under some
circumstances, and netbooted windows installation can reply
to pings before if has a DHCP lease and block allocation
of the address it already used during netboot. Thanks to
Jan Psota for spotting this.
Fix DHCP relaying, broken in 2.76 and 2.77 by commit
ff325644c7afae2588583f935f4ea9b9694eb52e. Thanks to
John Fitzgibbon for the diagnosis and patch.
Try other servers if first returns REFUSED when
--strict-order active. Thanks to Hans Dedecker
for the patch
Fix regression in 2.77, ironically added as a security
improvement, which resulted in a crash when a DNS
query exceeded 512 bytes (or the EDNS0 packet size,
if different.) Thanks to Christian Kujau, Arne Woerner
Juan Manuel Fernandez and Kevin Darbyshire-Bryant for
chasing this one down. CVE-2017-13704 applies.
Fix heap overflow in DNS code. This is a potentially serious
security hole. It allows an attacker who can make DNS
requests to dnsmasq, and who controls the contents of
a domain, which is thereby queried, to overflow
(by 2 bytes) a heap buffer and either crash, or
even take control of, dnsmasq.
CVE-2017-14491 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix heap overflow in IPv6 router advertisement code.
This is a potentially serious security hole, as a
crafted RA request can overflow a buffer and crash or
control dnsmasq. Attacker must be on the local network.
CVE-2017-14492 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
and Kevin Hamacher of the Google Security Team for
finding this.
Fix stack overflow in DHCPv6 code. An attacker who can send
a DHCPv6 request to dnsmasq can overflow the stack frame and
crash or control dnsmasq.
CVE-2017-14493 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix information leak in DHCPv6. A crafted DHCPv6 packet can
cause dnsmasq to forward memory from outside the packet
buffer to a DHCPv6 server when acting as a relay.
CVE-2017-14494 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix DoS in DNS. Invalid boundary checks in the
add_pseudoheader function allows a memcpy call with negative
size An attacker which can send malicious DNS queries
to dnsmasq can trigger a DoS remotely.
dnsmasq is vulnerable only if one of the following option is
specified: --add-mac, --add-cpe-id or --add-subnet.
CVE-2017-14496 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
Fix out-of-memory Dos vulnerability. An attacker which can
send malicious DNS queries to dnsmasq can trigger memory
allocations in the add_pseudoheader function
The allocated memory is never freed which leads to a DoS
through memory exhaustion. dnsmasq is vulnerable only
if one of the following option is specified:
--add-mac, --add-cpe-id or --add-subnet.
CVE-2017-14495 applies.
Credit to Felix Wilhelm, Fermin J. Serna, Gabriel Campana
Kevin Hamacher and Ron Bowes of the Google Security Team for
finding this.
diffstat:
net/dnsmasq/Makefile | 4 ++--
net/dnsmasq/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (28 lines):
diff -r f51e01e6e923 -r 4f97a4c38ba8 net/dnsmasq/Makefile
--- a/net/dnsmasq/Makefile Mon Oct 02 15:46:53 2017 +0000
+++ b/net/dnsmasq/Makefile Mon Oct 02 15:50:55 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.34 2017/06/02 08:37:49 adam Exp $
+# $NetBSD: Makefile,v 1.35 2017/10/02 15:50:55 wiz Exp $
-DISTNAME= dnsmasq-2.77
+DISTNAME= dnsmasq-2.78
CATEGORIES= net
MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/
EXTRACT_SUFX= .tar.xz
diff -r f51e01e6e923 -r 4f97a4c38ba8 net/dnsmasq/distinfo
--- a/net/dnsmasq/distinfo Mon Oct 02 15:46:53 2017 +0000
+++ b/net/dnsmasq/distinfo Mon Oct 02 15:50:55 2017 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.33 2017/06/02 08:37:49 adam Exp $
+$NetBSD: distinfo,v 1.34 2017/10/02 15:50:55 wiz Exp $
-SHA1 (dnsmasq-2.77.tar.xz) = 7afdb6bb017d67576cd3603c69070235a9dce57c
-RMD160 (dnsmasq-2.77.tar.xz) = eb47de3dca460f972d6641285db11707fcde3cd8
-SHA512 (dnsmasq-2.77.tar.xz) = 6ca98a71a8fdfd606e29c58b34dadfa63148c39f931570cca67a287e044d52c6ec2f8acbf5620ada3312e9db3a2fd63877188d829c070beaa730607e3309e768
-Size (dnsmasq-2.77.tar.xz) = 487244 bytes
+SHA1 (dnsmasq-2.78.tar.xz) = 07d452c0a18637a9d4e2751e57971b493631bb23
+RMD160 (dnsmasq-2.78.tar.xz) = a724387aeb5ea46080b85caac6bddc9bb04a5814
+SHA512 (dnsmasq-2.78.tar.xz) = 9b79b84e5a768d52f90f6335ccef2c404ecd7a13e78e49f4cd0755fffc6cf34d0dc96ad4c72cad1dab3c5743a8d0d789b3e9b6e625b03c5675bb898ca61a698b
+Size (dnsmasq-2.78.tar.xz) = 489172 bytes
SHA1 (patch-src_bpf.c) = 05dc64c016c608e6b963ce9ee80c28e872a88f9e
Home |
Main Index |
Thread Index |
Old Index